Your message dated Sun, 21 Dec 2014 22:33:57 +0000 with message-id <e1y2p4x-00050d...@franck.debian.org> and subject line Bug#772793: fixed in cpio 2.11+dfsg-2.1 has caused the Debian Bug report #772793, regarding cpio: CVE-2014-9112 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 772793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772793 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: cpio Severity: grave Tags: security Hi, please see http://seclists.org/fulldisclosure/2014/Nov/74 for the original report. Patches: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: cpio Source-Version: 2.11+dfsg-2.1 We believe that the bug you reported is fixed in the latest version of cpio, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 772...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Gilbert <mgilb...@debian.org> (supplier of updated cpio package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 21 Dec 2014 21:09:44 +0000 Source: cpio Binary: cpio cpio-win32 Architecture: source all Version: 2.11+dfsg-2.1 Distribution: unstable Urgency: high Maintainer: Anibal Monsalve Salazar <ani...@debian.org> Changed-By: Michael Gilbert <mgilb...@debian.org> Description: cpio - GNU cpio -- a program to manage archives of files cpio-win32 - GNU cpio -- a program to manage archives of files (win32 build) Closes: 772793 Changes: cpio (2.11+dfsg-2.1) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2014-9112: out of bounds write, insufficient range checking, and null pointer dereference issues (closes: #772793). Checksums-Sha1: d8a4cb33ece14456a869a04c8fb476998c3cb720 2548 cpio_2.11+dfsg-2.1.dsc c15e64285b11472586924bd2e47b14cb800e37d4 18410 cpio_2.11+dfsg-2.1.debian.tar.bz2 382c38aaac01cb668689f314899f51e389921757 59226 cpio-win32_2.11+dfsg-2.1_all.deb Checksums-Sha256: 69d0873a184cd2a3e4515625a3abd429764bcae9b372593ccc74453a249e3567 2548 cpio_2.11+dfsg-2.1.dsc 67b52d3f2cab21136fca80ebe0c585b55701f4b3b5aecec12e899956129fb994 18410 cpio_2.11+dfsg-2.1.debian.tar.bz2 201f50abca95bc4570c67cd9e01bd406ff09c507f1a7ef4375fc34fcac340869 59226 cpio-win32_2.11+dfsg-2.1_all.deb Files: d775e80de3c03fa3efb534f40516c8be 2548 utils important cpio_2.11+dfsg-2.1.dsc 52768bbc0d3c153fa884e3ab3292afcd 18410 utils important cpio_2.11+dfsg-2.1.debian.tar.bz2 a34f51096def480cfe852f8186bbcba3 59226 utils extra cpio-win32_2.11+dfsg-2.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJUl0grAAoJELjWss0C1vRz6msgAJHoBqot5jUVtvUDEwbqD/aC YMjhBrxfbPrt/r66+jIDSvdcTHDaPUm6nJmlBiFj97PcVO0pE6pnUw3g06tQkdiQ aR1tSZFPvBiypZvjycVdRul8MFjgIwQX5cHPPBiAzeMwD9qhBeAens+Zw6763zpv 7DfUfR/7DX9+er3jfSRSXtImZPsZnkSK1Fg1JzgCpaiMY+mzh6p02WC00rwHNxac Tkho6ynbnLB+PmRYMlUJWvF4OD42+vckev7YE7OpLN4NtSJ+KNIytiC8elpnKvs8 1cjfE2icfkW5tPtVZCUmMNYflgzAaBYwgjfmlvEDasACYpHTjJguukf6SERfCNM3 Y3N2eEwOdebc5OP8PS700LqiSLJDP2JTLW/v2/ZgrRCOF09VI53mtG1GPhB0GHVu ch4cDYxV0hIMoqvz6dJKAfTtGQ3VV0nbl4zS7yLW/5TVbjDUwqzO4Kd4rGn7paA6 qtHIzyRd0OmAcSzAV9VZKwhQ529r9b4xEo3xjkGpHLoYhk90SEYjbN6CuDtiKfUG CB+DOINW5SC2WLn1Y5ZF25NYZgzHS8b9LeRd9fN/1hUsZ0xm1vMqfGWORzktha9K X5/Cuwc8ZgzeOW4axSMmU7D2KoQATnvF00Be7uBbgleuoj+AQ8Yt8e7zcDaC0IQE ttd47ObdP164hGFjHl4mnxc7jmJAYn768v70OF4GyLP8+WWoi88GSgPK8JjdE7C4 PQ1+l93zQj5Rp8e27uSR/aCnQamtxF+WaJlmMmT8rccI8TKXrSv4OJkaUPnFRDJu rLqga52imSlc2QrIRt5pHRTzsknF+aXS2ka7PetYj2w6uAnVV5gGdVfjeTzl5iem EEe1jNbaHS/rujM7KL+GPXkZLvvbtM2ndUSik/wosjirwUPZu0SYduUOaYNSNZjP dR5/sheGEqkHgN0KQXmbLImpUTR8buLKPieilgJ61e9XJ5X7oAgOPbUNULjfrYTX OrTjTOWE1ABml+vAJP4gbp9rHB5m18YP+PYdmqfTy0FhJHbwK94So8I1lVYf6sIg 6UtkrIIR1iBU/9b11mRbZbqmPzvj/C1kakBVPphTAsAwVpcRBHSMBlt5s9Dgb9QL r0lorvBeZDb2R37LH3Td3HSmdK5PMhTf4g8JI2duJzNY54zEwk6ucYArLpNvlYMm Fi5C53pVWkcU20Ok2UYGH2lI0EegvKOz09P9hMMqN/zQ54EvWLtZThO03Pjq+2Io IHqA4v5wwHKv218OUIxN7iUwZaVEbaIQaoy29I/lfEyu7ylN3dl1inVudAUxjinK +O3JCBHJ160EnLgHnNwjOdhhy6bacUZS2VhmQ3mvy0IayZHOYhTwnIz2ZrSBUEQ= =eXa7 -----END PGP SIGNATURE-----
--- End Message ---
